Question about IDS events
- From: Koolk3 <koolk3@xxxxxxxxx>
- Date: Fri, 3 Feb 2006 14:49:05 -0500
I am seeing external IP addresses in few events on my internal IDS.
These are mostly port/network scan type events. I am wondering what
the reason is. Instead of the firewall address why am I seeing the
originating IP? Is this due to the nature of ICMP packets or does this
result from scans like Nmap?
Thanks for your responses.
Sample events:
TCP_Port_Scan Medium 80.67.72.208 10.113.128.50
TCP_Port_Scan Medium 80.67.72.208 10.113.128.50
TCP_Port_Scan Medium 80.67.72.208 10.113.128.50
TCP_Port_Scan Medium 80.67.72.208 10.119.0.50
--
KoolK3
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
- Follow-Ups:
- Re: Question about IDS events
- From: Arturas Zalenekas
- Re: Question about IDS events
- Prev by Date: Security Templates Reporter
- Next by Date: RE: www.readnotify.com
- Previous by thread: Security Templates Reporter
- Next by thread: Re: Question about IDS events
- Index(es):
Relevant Pages
|
